One of the main TLS extensions is for negotiating the host name, to allow virtual servers in TLS. One of the ECC extensions allows for negotiating client and server ECC capabilities. Both of these extensions would involve selecting a server certificate from among many possible stored server certificates (for different hosts or different ECC curve settings).
However, the SSL structures in OpenSSL at present only support one certificate (well, more precisely, one certificate of each algorithm type: RSA, DSA, ECC). It is my impression that extending support for multiple certificates of each type would require changes across the board. Is a change like this currently in the works for any of the code base? Is this something that the core team would prefer to implement, or would be willing to accept a patch in this area? Who would be a primary contact for this issue?
Regards,
Douglas Stebila
Sun Microsystems Laboratories
Email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
